The Kaiser Permanente data breach leaked personal information on around 13.4 million individuals across the United States.
Details of the Kaiser Data Breach 2024
In a statement, Kaiser Permanente revealed that third-party tracking technologies installed on its websites and mobile applications may have transmitted personal data of current and former patients and members to companies like Google, Microsoft Bing, and Twitter when they accessed online services.
The data involved in the Kaiser data breach could include IP addresses, names, details indicating a user was signed into an account, how they interacted with sites and apps, and search terms. While sensitive financial and medical records were not exposed, the scale of the breach puts millions at risk of identity theft.
“Kaiser Permanente has determined that certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications”
Kaiser Permanente
Discovery and Response to the Kaiser Permanente Data Breach
An internal review discovered and removed the trackers, while additional security controls were implemented. Notices are being sent to affected individuals, although direct evidence of misuse was not found. This comes after a prior June 2022 data breach exposing health records of 69,000 people through an employee email hack.
By not properly vetting and limiting third-party access, even reputable organizations like Kaiser Permanente leave the door open for major privacy incidents. Clinics must prioritize the security of patient data across all domains and partners.
While no financial harm is reported yet, the potential exposure of millions of Kaiser Permanente users serves as an important reminder for healthcare providers to take accountability for data in all areas of their digital systems.